# # For a description of the syntax of this configuration file, # see the file kconfig-language.txt in the NuttX tools repository. # config NET_NAT bool "Network Address Translation (NAT)" default n depends on NET_IPFORWARD ---help--- Enable or disable Network Address Translation (NAT) function. Note: When forwarding IPv4 packet and applying NAT, NAT may be applied directly on a single I/O buffer containing L3 packet header, and NAT may need a continuous buffer of at least 68 Bytes (IPv4 20B + ICMP 8B + IPv4 20B + TCP 20B). And 108 Bytes for IPv6. config NET_NAT44 bool "IPv4-to-IPv4 NAT (NAT44)" default y depends on NET_IPv4 && NET_NAT depends on IOB_BUFSIZE >= 68 choice prompt "NAT44 Type" default NET_NAT44_FULL_CONE depends on NET_NAT44 config NET_NAT44_FULL_CONE bool "Full Cone NAT" ---help--- Full Cone NAT is easier to traverse than Symmetric NAT, and uses less resources than Symmetric NAT. config NET_NAT44_SYMMETRIC bool "Symmetric NAT" ---help--- Symmetric NAT will be safer than Full Cone NAT, be more difficult to traverse, and has more entries which may lead to heavier load. endchoice config NET_NAT66 bool "IPv6-to-IPv6 NAT (NAT66)" default y depends on NET_IPv6 && NET_NAT depends on IOB_BUFSIZE >= 108 choice prompt "NAT66 Type" default NET_NAT66_FULL_CONE depends on NET_NAT66 config NET_NAT66_FULL_CONE bool "Full Cone NAT" ---help--- Full Cone NAT is easier to traverse than Symmetric NAT, and uses less resources than Symmetric NAT. config NET_NAT66_SYMMETRIC bool "Symmetric NAT" ---help--- Symmetric NAT will be safer than Full Cone NAT, be more difficult to traverse, and has more entries which may lead to heavier load. endchoice config NET_NAT_HASH_BITS int "The bits of NAT entry hashtable" default 5 range 1 10 depends on NET_NAT ---help--- The hashtable of NAT entries will have (1 << bits) buckets. config NET_NAT_TCP_EXPIRE_SEC int "TCP NAT entry expiration seconds" default 86400 depends on NET_NAT ---help--- The expiration time for idle TCP entry in NAT. Note: The default value 86400 is suggested by RFC2663, Section 2.6, Page 5. config NET_NAT_UDP_EXPIRE_SEC int "UDP NAT entry expiration seconds" default 240 depends on NET_NAT ---help--- The expiration time for idle UDP entry in NAT. Note: RFC2663 (Section 2.6, Page 5) suggests that non-TCP sessions that have not been used for a couple of minutes can be assumed to be terminated. config NET_NAT_ICMP_EXPIRE_SEC int "ICMP NAT entry expiration seconds" default 60 depends on NET_NAT ---help--- The expiration time for idle ICMP entry in NAT. Note: The default value 60 is suggested by RFC5508, Section 3.2, Page 8. config NET_NAT_ICMPv6_EXPIRE_SEC int "ICMPv6 NAT entry expiration seconds" default 60 depends on NET_NAT ---help--- The expiration time for idle ICMPv6 entry in NAT. config NET_NAT_ENTRY_RECLAIM_SEC int "The time to auto reclaim all expired entries" default 3600 depends on NET_NAT ---help--- The time to auto reclaim all expired entries. A value of zero will disable auto reclaiming. Note: Expired entries will be automatically reclaimed when matching inbound/outbound entries, so this config does not have significant impact when NAT is normally used, but very useful when the hashtable is big and there are only a few connections using NAT (which will only trigger reclaiming on a few chains in hashtable).